Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

HTC Settles US Charges of Security Flaws on Devices

WASHINGTON – Taiwan-based electronics maker HTC settled charges with US regulators that it failed to provide adequate security for smartphones and tablet computers sold to Americans, officials said Friday.

WASHINGTON – Taiwan-based electronics maker HTC settled charges with US regulators that it failed to provide adequate security for smartphones and tablet computers sold to Americans, officials said Friday.

The Federal Trade Commission said HTC agreed “to develop and release software patches to fix vulnerabilities found in millions of HTC devices.”

No financial penalty against the company was announced.

The FTC said it investigated allegations that HTC “failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.”

The settlement requires HTC America “to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years,” the statement said.

RelatedCarriers Cripple Android, Prioritize Profits Over Protection

An FTC complaint filed at the same time as the settlement said HTC, which makes devices using both Microsoft Windows and the Google Android operating systems, made modifications to software which sacrificed security.

In some instances, the complaint said, HTC “undermined the Android operating system’s permission-based security model.”

The flaws could allow hackers to introduce malware which could “surreptitiously record phone conversations or other sensitive audio, to surreptitiously track a user’s physical location, and to perpetrate ‘toll fraud,'” a practice of sending text messages in order to collect fees, the FTC said.

The FTC said that malware could also be used to steal financial account numbers or medical information stored on the devices.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.